Welcome to WebmasterWorld Guest from 54.227.82.149

Forum Moderators: brotherhood of lan & mack

Message Too Old, No Replies

Theory

Log in form

     

Adam5000

7:14 am on Sep 23, 2010 (gmt 0)

10+ Year Member



Greetings all

I'm glad there are people here to help and thanks to everyone who has helped so far.

I've got a website that has both a guest (free) area and a members area. And I'm trying to restrict access to the members area to those who have paid their fee.

I'm about done with the first part which is creating the registration form (Choose a user name, choose a password, reenter password) and then store the chosen username and password in a database.

And now for the next part. The log in form. That's the one where the user clicks on a button and a form is presented that says something like "Enter username and password." Then the computer checks the database for the username the user has keyed in. If it's there, then then the computer continues on and compares the password associated with the username to the password that has been keyed in. If the passwords match then the user is granted access. If not then access is denied. (Or at least I think that's the way it works.)

If this were in the real world I'd stamp their hand and then inspect their hand at the gate as they went in and out. But since this is cyberspace I'll need something different.

In theory, how do I let users into the members area (or not) based on the usernames and passwords in the database?

Or in other words, in theory, how do I password protect the members area after I have the chosen usernames and passwords in the database.

Stated another way, how do I grant access (or not) based on the usernames and passwords in the database.

(Pardon me. It's 2:00 a.m. here and I'm starting to babble. Smile)

Right now I'm thinking something involving the user's IP address. But that may be off base.

When I'm done with this I'm going to take a full pseudo vacation. That means putting a rope barrier around the couch and television and watching the Travel Channel for at least five days and four nights.

Help!

rocknbil

4:28 pm on Sep 23, 2010 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Or in other words, in theory, how do I password protect the members area after I have the chosen usernames and passwords in the database.


Two ways.

If your members area is static content, it will need to be protected by basic authentication [httpd.apache.org]. (Not sure how you'd do it on windows servers.) So this would mean as new members are added/removed, you update the .htpasswd file.

An easier way, is make all your content dynamic from your scripting (presuming PHP) and extracted from the database. No authentication, no access.

$authUser = authenticate();

if ($authUser > ) {
// give them the content from the database.
// Note this method can allow multiple levels
// of access: 1= basic user, 2=paid, 3= admin....
}
else {
// Back to the login or register page
}

rocknbil

5:43 pm on Sep 26, 2010 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



LOL . . . . hindsight and all that . . . .

if ($authUser > 0) {
 

Featured Threads

Hot Threads This Week

Hot Threads This Month